This is inaccurate and in a hilarious way.
Treasury is not coming after Bitcoin. There's an update in an ongoing rulemaking process that got reported here[0] as banning mixing and privacy tools. It may have been blown out of proportion[1], but I am not a lawyer, and certainly banning these tools would be bad. The thing is, Bitcoin's not private—every transaction is public for everyone to download. It's Twitter for your bank account. And that comes with serious privacy, safety, and boring commercial counterparty risks that should be addressed. These kinds of tools exist to mitigate that problem. The irony is that Bitcoin has largely refused to address this obvious issue, so no, Treasury isn't coming for Bitcoin. Indeed, there been years of people arguing Bitcoin would be just fine with no privacy protections.
[0] https://www.therage.co/us-government-to-bring-patriot-act-to...
[1] https://x.com/valkenburgh/status/1966174324701778071"
Readit Newsianmiers commented on The treasury is expanding the Patriot Act to attack Bitcoin self custody tftc.io/treasury-iexpandi... · Posted by u/bilsbie
ianmiers commented on De-anonymization attacks against the privacy coin XMR monero.forex/is-monero-to... · Posted by u/DbigCOX
This is by no means a comprehensive analysis. This analysis misses the most major limitation with Monero's decoy based approach to transaction obfuscation: Eve-Alice-Eve attacks (also known as ABA attacks). It also misses an analysis of the possible insecurity of churning and a significant history of randomness implementation errors and flooding attacks specific to Monero. The exact consequences of some of these attacks remain an open question, but worthy of mention.
A simple and surprising limitation of Monero and any other decoy-based approach is that if you repeatedly withdraw money from one exchange and then deposit it to another, those transactions are not private (edit: even if we ignore payment value). This is a form of Eve-Alice-Eve attack.
Monero uses decoy transactions to obscure the transaction history on-chain, but it does not remove the history. There's a reason every other major privacy protocol (Zcash, Tornado Cash, Railgun, Aleo, Penumbra, etc.) does not use Monero's decoy-based approach, and even the Monero developers are moving to the standard zero-knowledge proof over an accumulator (IIRC a merkle tree like everyone else) based approach that they call Full Chain Anonymity Proofs.
As a meta-comment, this is one of a genre of Monero "privacy" analysis documents that are circulated as a way to claim there are no known actively used exploits. This is little better than the classic "my scheme is secure; here's a bounty for anyone who breaks it" form of cryptographic analysis we often see with flawed encryption schemes. Breaks will not always be public.
The network demonstration of knowledge of the secret passage by 40 coin flips appears unnecessarily complicated.
Why not simply send Mick down the left path and show him returning from the right? That directly demonstrates Mick knows a passage from left to right (at least to all observers at the fork. home viewers still worry about video editing).
if you just sent Mick down the left path and he came out the right, then a video would conclusively show he knew the password.
And this is why "How to explain zero-knowledge protocols to your children" is probably the worst way to explain zero-knowledge protocols to anyone. Its not explaining what a zero-knowledge proof is or how it works. It's explaining what a simulator is when proving a protocol is zero-knowledge . Oh, and the explanation only works for interactive protocols.
Dumb question: why can't we just pass a law that requires all businesses to accept cash? The problem I have with articles like this is that I don't trust these coins. What are Grin and Zcash going to be worth in 5 years? Are they going to be stable enough to use as an actual currency and is the marketplace going to be confident enough to use them as currency?
I agree that cash is an important aspect of the economy that should be protected but I don't see how a couple coins that I have not heard of are going to be the panacea they purport to be.
Paying in cash, in addition to being a minor inconvenience that non-the-less outweighs most people's desire for privacy, does not work in online payments. It also doesn't work in businesses that get robbed.
The better question is, why do you need a new currency to get privacy? Why couldn't we have a private crypto currency backed by dollars or euros? There's no technical reason, indeed several groups are building this. What remains to be seen is if there's sufficient incentives to build anything around these or for any portion of the economy to move to them. Most purchases aren't sensitive, so for private payments to work, they need to be ubiquitous for non privacy reasons and just give people who need it the option for privacy. Much like cash does. But again, cash doesn't work online or increasingly offline
ianmiers commented on Crypto’s last man standing economist.com/finance-and... · Posted by u/stevenjgarner
Those things are definitely interesting from a technical point of view, but they solve problems that are uniquely created by crypto, and are not really needed outside of it.
For example AMMs are not needed, just use an order book. Stablecoins? Just use currency. DAOs? A corporation.
Fun fact, AMMs were considered well before cryptocurrency.
" The most popular automated market maker used in Internet prediction markets is Hanson’s logarithmic market scoring rule (LMSR), an automated market maker with particularly desirable properties [Hanson 2003, 2007]. The LMSR is used by a number of companies including Inkling Markets, Consensus Point, Yahoo!, Microsoft, and the large-scale non-commercial Gates Hillman Prediction Market at Carnegie Mellon [Othman and Sandholm 2010a]." From https://www.cs.cmu.edu/~sandholm/liquidity-sensitive%20autom...
Deleted Comment
Thank you!
Those papers are some of the densest ones, so maybe as a starter I would recommend Vitalik’s blog posts on ZK[1].
If folks are interested in a complexity theoretic introduction to ZK proofs, incidentally, in the interest of being self recommending, I authored one myself I’d be curious to hear thoughts on :)[2]
[1]: https://vitalik.ca/general/2021/01/26/snarks.html
[2]: https://nibnalin.me/dust-nib/a-succinct-story-of-zero-knowle...
Yeah, those papers are very dense. You might want try reading zerocoin[0] first, it was the starting point of all the zero-knowledge proofs for private payments on a blockchain. Then another academic paper, Pinocchio coin, had a proposal for zkSNARKs. And Zeorcash built the zksnark + merkle tree+ serial umber (later called a nullifiers ) approach.
This is pretty cool. But you might want to update the credit for the zksnark +merkle tree + nullifier idea. It's from an academic paper, Zerocash in 2014. The approach is used in Zcash and then in Tornado.cash Though Tornado.cash is actually an odd hybrid between Zerocash's merkle tree+snark approach and an older academic paper, Zerocoin, which proposed a zk mix protocol as an add on to Bitcoin.
Deleted Comment
ianmiers commented on Kape Technologies buys ExpressVPN for $936M alternativeto.net/news/20... · Posted by u/schleck8
"Kape Technologies was originally found under the name of Crossrider in 2011 developing advertising apps until they changed their name in 2018.
However, their software was treated as malware by companies such as Malwarebytes and Symantec begging one to ask, how can such a company despite rebranding itself change the shoddy culture that it had?
But the connections don’t end there. The very first CEO of Crossrider, Koby Menachemi, happened to be once a part of Unit 8200 which is an Israeli Intelligence Unit in their military and has also been dubbed as “Israel’s NSA.” Teddy Sagi, one of the company’s investors was mentioned in the Panama Papers which were leaked in 2016."
https://www.hackread.com/israeli-firm-kape-technologies-expr...
I don't think tagging people as ex 8200 is very helpful. Israel has mandatory military service and at this point if you have aptitude or are in a high school computer club in Tel Aviv or a few other places, you probably end up in 8200 for your service. For that matter, half the people who say there were in 8200 were either 1) listening to telephone calls 2) relegated to writing memos about the data people did hack and get. Of course, there are things one could have done that would raise serious questions. See, e.g., the issues raised for the people we know who worked on DualEC_DRBG.
On the other hand, there are other sketchy things about express VPN.